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"The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
THE REPLY FILED 01 April 2005 FAILS TO PLACE THIS APPLICATION IN CONDITION FOR ALLOWANCE. 

1. D The reply was filed after a final rejection, but prior to filing a Notice of Appeal. To avoid abandonment of this application, 

applicant must timely file one of the following replies: (1) an amendment, affidavit, or other evidence, which places the 
application in condition for allowance; (2) a Notice of Appeal (with appeal fee) in compliance with 37 CFR 41 .31 ; or (3) a 
Request for Continued Examination (RCE) in compliance with 37 CFR 1.114. The reply must be filed within one of the following 
time periods: 

a) n The period for reply expires months from the mailing date of the final rejection. 

b) 13 The period for reply expires on: (1 ) the mailing date of this Advisory Action, or (2) the date set forth in the final rejection, whichever is later. In no 

event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of the final rejection. 

Examiner Note: If box 1 is checked, check either box (a) or (b). ONLY CHECK BOX (b) WHEN THE FIRST REPLY WAS FILED WITHIN TWO 

MONTHS OF THE FINAL REJECTION. See MPEP 706.07(0- 
Extensions of time may be obtained under 37 CFR 1 .136(a). The date on which the petition under 37 CFR 1 .1 36(a) and the appropriate extension fee have 
been filed is the date for purposes of determining the period of extension and the corresponding amount of the fee. The appropriate extension fee under 37 
CFR 1 .17(3) is calculated from: (1 ) the expiration date of the shortened statutory period for reply originally set in the final Office action; or (2) as set forth in (b) 
above, if checked. Any reply received by the Office later than three months after the mailing date of the final rejection, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 
NOTICE OF APPEAL 

2. □ The reply was filed after the date of filing a Notice of Appeal, but prior to the date of filing an appeal brief. The Notice of Appeal 

was filed on . A brief in compliance with 37 CFR 41.37 must be filed within two months of the date of filing the Notice of 

Appeal (37 CFR 41.37(a)), or any extension thereof (37 CFR 41.37(e)), to avoid dismissal of the appeal. Since a Notice of 
Appeal has been filed, any reply must be filed within the time period set forth in 37 CFR 41.37(a). 
AMENDMENTS 

3. □ The proposed amendment(s) filed after a final rejection, but prior to the date of filing a brief, will not be entered because 

(a)n They raise new issues that would require further consideration and/or search (see NOTE below); 
(b}\3 They raise the issue of new matter (see NOTE below); 

(cjn They are not deemed to place the application in better form for appeal by materially reducing or simplifying the issues for 
appeal; and/or 

(d)Q They present additional claims without canceling a corresponding number of finally rejected claims. 
NOTE: . (See 37 CFR 1.116 and 41.33(a)). 

4. □ The amendments are not in compliance with 37 CFR 1.121. See attached Notice of Non-Compliant Amendment (PTOL-324). 

5. □ Applicant's reply has overcome the following rejection(s): . 

6. □ Newly proposed or amended claim(s) would be allowable if submitted in a separate, timely filed amendment canceling 

the non-allowable claim(s). / 

7. lEI For purposes of appeal, the proposed amendment(s): a) Q will not be entered, or b) ]A will be entered and an explanation of 

how the new or amended claims would be rejected is provided below or appended. ^ 
The status of the claim(s) is (or will be) as follows: 
Claim(s) allowed: None . 
Claim(s) objected to: None . 
Claim(s) rejected: 1-37 . 

Claim(s) withdrawn from consideration: . 

AFFIDAVIT OR OTHER EVIDENCE 

8. □ The affidavit or other evidence filed after a final action, but before or on the date of filing a Notice of Appeal will not be entered 

because applicant failed to provide a showing of good and sufficient reasons why the affidavit or other evidence is necessary 
and was not earlier presented. See 37 CFR 1.116(e). 

9. □ The affidavit or other evidence filed after the date of filing a Notice of Appeal, but prior to the date of filing a brief, will not be 

entered because the affidavit or other evidence failed to overcome all rejections under appeal and/or appellant fails to provide a 
showing a good and sufficient reasons why it is necessary and was not earlier presented. See 37 CFR 41.33(d)(1). 

10. □ The affidavit or other evidence is entered. An explanation of the status of the claims after entry is below or attached. 
REQUEST FOR RECONSIDERATION/OTHER 

1 1. IS The request for reconsideration has been considered but does NOT place the application in condition for allowance because: 

See attachement. 

12. □ Note the attached Information Disclosure Statement(s). (PTO/SB/08 or PTO-1449) Paper No(s). 

13. □ Other: . 
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Response to Arguments 

1 . Applicant's arguments filed on 04/01/05 have been fully considered but they are 
not persuasive. 

2. In regarding to the remark on page 2 4"^ Paragraph, the applicant argues that the 
case of obviousness of separating the Host Controller (HC) functionalities and Zone 
Controller (ZC) functionalities from the Expert System Engine (ESG) to create two 
separate processor for processing time and load minimization has not been met 
(emphasis added). Nevertheless, it is obvious for one having ordinary skill in the art to 
make the modification to separate or delegate functionalities to multiple processors 
environment. The processing delegation is a popular method to minimize the processor 
load and processing time. 

3. In regarding to the remark on page ^1^ Paragraph, the applicant argued that 
Drake does not disclose any controller for "analyzing an output of the host controllers, " 
and "executing security actions in response thereto." As argued above, the ESG has 

many functionalities and one of which is the auditing parsing (Col 7 line 26). The 
auditing parsing has similar functionalities as the HC, such as collecting the information 
from the agents, scanning the information, and detecting intrusions (Col 7 lines 25-54). 
The output of the raw event records gets converted to Virtual Records. The Expert 
system engine has functionalities as the ZC (Col 1 1 lines 7-67). ZC scans through the 
database, which is the output of the HC, and then executes the response thereto (Col 
1 1 lines 25-65). 
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4. In regarding to the remark on page b 3^^ paragraph, there are multiple objects or 
events collected in the database and from multiple node or source or agents. It is a 
designer's choice to formulate the report that is best to apprehend. 

5. In regarding to the remark on page ^2"^ paragraph, applicant argued that Porras 
et al (US/6704874B1) does not teaches SNMP traps. Nevertheless, the cited column 
specified the security and fault-monitoring system comprises: SNMP (Col 3 lines 45-60), 

6. In regarding to the remark on page %|3^^ paragraph, the applicant argued that 
Drake fails to disclose the "identifying a plurality of business rules;" and "providing 
services utilizing the information based on the business rules." Nevertheless, the cited 
column includes the business rule, such as user account log and etc... (Col 17 lines 5- 
24). Therefore, the rejection dated on 03/01/2005 is maintained. 

Conclusion 

7. Any inquiry concerning this communication from the examiner should be directed 
to Linh Son whose telephone number is (571 )-27 1-3856. 

8. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor Kim Y. Vu can be reached at (571)-272-3859. The fax numbers for this 
group are (703)-872-9306 (official fax). Any inquiry of general nature or relating to the 
status of this application or proceeding should be directed to the group receptionist 
whose telephone number is (571)-272-2100. 
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9. Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval IPAIR.I system. Status information for 
published applications may be obtained from either Private PMR or Public PMR. Status 
information for unpublished applications is available through Private PMR only. For 
more information about the PAIR system, see http://pzr-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 
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